PHP 8.1 is currently only receiving security fixes. PHP 8.1.16 is not the latest version in the series, and using this release is not recommended. PHP 8.1.32 is the latest in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 8.1.16 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.1.16
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf
), configuring the build ./configure
, and running make
.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Windows binaries
Non-Thread Safe Builds
Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.
php-8.1.16-x64NTS.zip (29.26 MiB)
php-8.1.16-x86NTS.zip (26.32 MiB)
Thread-Safe Builds
Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.
php-8.1.16-x64TS.zip (29.36 MiB)
php-8.1.16-x86TS.zip (26.30 MiB)
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.16-cli-alpine
Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.1.16-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.1.16-fpm-alpine
Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.1.16-apache
Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.1.16-fpm
ChangeLog
Core
- Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567).
- Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568).
SAPI
- Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)
Commit List
Ben Ramsey
- Prepare for release 8.1.16 in 371a2224bc
- Update NEWS in f6808648a4
- Update versions for PHP 8.1.16 in aa5f9f0519
Jakub Zelenka
- Fix repeated warning for file uploads limit exceeding in 830bdb582f
- Introduce max_multipart_body_parts INI in 94fce68f03
- Change NEWS for GHSA-54hq-v5wp-fqgv as it is for all SAPIs in 76af0f93bb
- Fix missing colon in NEWS in b453c95fe8
Niels Dossche
- Fix array overrun when appending slash to paths in c0fceebfa1
Tim Düsterhus
- crypt: Fix validation of malformed BCrypt hashes in 7882d12ff2
- crypt: Fix possible buffer overread in
php_crypt()
in 8ef9294248